Re: iptables dnat to loopback

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Damian Gatabria <damian_g@speedy.com.ar>
To: Lista Netfilter <netfilter@lists.netfilter.org>
Subject: Re: iptables dnat to loopback
Date: Mon, 09 Aug 2004 22:29:29 -0300	[thread overview]
Message-ID: <1092101369.7615.5.camel@localhost> (raw)
In-Reply-To: <1092062432.7056.3.camel@localhost>


> > 	Okay --- 
> > 	   If I'm following this thread correctly then, 
> > 	
> > 	we need two rules to manage this ... both Destination and Source Natting 
> > these packets ... 
> > 	My question is ..... 
> > 	As I understand things DNAT is done in PREROUTING and SNAT is done in 
> > POSTROUTING .. 
> > 
> > 	I can setup 
> > 	
> > 	iptables -I PREROUTING -t nat -p TCP -s 192.168.0.2 -d 10.1.105.45 --dport \ 
> > 3306 -j DNAT --to 127.0.0.1
> > and (since nat postrouting FOLLOWS nat prerouting) 
> > 	iptables -I POSTROUTING -t nat -p TCP -s 192.168.0.2 -d 127.0.0.1 --dport \ 
> > 3306 -j SNAT --to 127.0.0.1
> > 
> > 	But I don't belive that this will solve the above problem of the /drop 
> > martians/ behaviour.
> > 
> > 	Any comments folks?
> > 
> > 	Alistair Tonner
> 
> I'll try this when i get home, on my frankenstein box. I'll post
> back later today.
> 
> Thank you all who replied.

Hmm.. well, it looks like David Cannings was right after all. The kernel
will not allow me to do this.. strange. I would have thought it should
be possible somehow... 

Thank you all very much. It was a very informative thread.


-- 
Damian Gatabria <damian_g@speedy.com.ar>

next prev parent reply	other threads:[~2004-08-10  1:29 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-08-06 17:13 iptables dnat to loopback Jason Opperisano
2004-08-07 10:15 ` David Cannings
2004-08-08  6:17 ` Damian Gatabria
2004-08-08  8:41   ` David Cannings
2004-08-08 17:50     ` Alistair Tonner
2004-08-09 14:40       ` Damian Gatabria
2004-08-10  1:29         ` Damian Gatabria [this message]
  -- strict thread matches above, loose matches on Subject: below --
2004-08-06 12:48 Jason Opperisano
2004-08-06 11:38 Damian Gatabria
2004-08-06 11:54 ` Klemen Kecman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1092101369.7615.5.camel@localhost \
    --to=damian_g@speedy.com.ar \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.